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1 WE CLAIM 

2 

3 1 . A method of authenticating a pair of correspondents A,B to permit 

4 exchange of information therebetween, each of said correspondents having a 

s respective private key a,b and a public key p A ,pB derived from a generator a and 

6 respective ones of said private keys a,b, said method including the steps of 

7 i) a first of said correspondents A selecting a first random integer x and 
e exponentiating a function f(a) including said generator to a power g (x) to provide a 

9 first exponentiated function f(a) g(x> ; 
l o ii) said first correspondent A forwarding to a second correspondent B a message 
n including said first exponentiated function f(a) g(x) ; 

12 iii) said correspondent B selecting a second random integer y and exponentiating a 

13 function f (a) including said generator to a power g°° to provide a second 

14 exponentiated function f (a) e(y) ; 

is iv) said second correspondent B constructing a session key K from information 
is made public by said first correspondent A and information that is private to said 

17 second correspondent B, said session key K also being constructive by said first 

18 correspondent A for information made public by B and information that is private to 

19 said first correspondent A; 

20 v) said second correspondent B generating a value h of a function F[5,K] 

21 where F[a,K] denotes a cryptographic function applied conjointly to 6 and K and 

22 where 5 is a subset of the public information provided by B thereby to bind the values 

23 of 9 and K; 

24 vi) said second of said conrespondents B forwarding a message to said first 

25 correspondent A including said second exponential function f (a) g(y) and said value h 

2 6 of said cryptographic function F[8,K]; 

27 vii) said first correspondent receiving said message and computing a session key 

28 K' from information made public by said second correspondent B and private to said 

2 9 first correspondent A; 

3 o viii) said first correspondent A computing a value h' of a cryptographic function 
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1 F[a,IC];and 

2 ix) comparing said values obtained from said cryptographic functions F to 

3 confirm their correspondence. 

4 

5 2. A method of claim 1 wherein said message forwarded by said first 

6 correspondent includes an identification of the first correspondent. 

7 

8 3. A method according to claim 1 wherein said message forwarded by 

9 said second correspondent includes an identification of said second correspondent, 
xo 

11 4. A method according to claim 3 wherein said message forwarded by 

12 said first correspondent includes an identification of the first correspondent. 

13 

14 5. A method according to claim 1 wherein said first function f(<*) 

is including said generator is said generator itself. 

16 

i?6. A method according to claim 1 wherein said second function f(ct) 

18 including said generator is said generator itself. 

19 

20 7. A method according to claim 6 wherein said first function f(ct) 

21 including said generator is said generator itself 

22 

238. A method according to claim I wherein said first function including 

24 said generator f(a) includes said public key p B of said second correspondent. 

25 

26 9. A method according to claim 1 wherein said second function including 

27 said generator f ct includes said public key p A of said first correspondent. 

28 

29IO. A method according to claim 1 wherein said cryptographic functions F 

3 o are hashes of 6 and K. 
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2 11. 



A method of transporting a key between a pair of correspondents A,B 



3 to permit exchange of information therebetween, each of said correspondents having a 

4 respective private key a,b and a public key pa,Pb derived from a generator a and 

5 respective ones of said private keys a.b, said method including the steps of 



7 exponentiating a function f(a) including said generator to a power g (x) to provide a 

8 first exponentiated function f(a)* (x> ; 

9 ii) said first correspondent A forwarding to a second correspondent B a message 

10 including said first exponentiated function f(a) 8(x) ; 

11 iii) said second correspondent B constructing a session key K from information 

12 made public by said first correspondent A and information that is private to said 

13 second correspondent B, said session key K also being constructive by said first 

14 correspondent A from information made public by B and information that is private to 
is said first correspondent A; 

16 iv) both of said first correspondent A and said second correspondents B 

17 computing a respective value h,h' of function F[d,KJ where F[6,K] denotes a 

18 cryptographic function applied to 8 and K and where 5 is a subset of the public 

19 information provided by one of said correspondents; 

20 v) at least one of said correspondents comparing said values t^h' obtained from 

2 1 said cryptographic function F to confirm their correspondence; 
22 

2 3 12. A method of claim 1 1 wherein said message forwarded by said first 

24 correspondent includes an identification of the first correspondent. 

25 

26 13. A method according to claim 1 1 wherein said message forwarded by 

27 said first correspondent includes said value obtained from said cryptographic function 
2 a by said first correspondent. 

29 

30 14. 'A method according to claim 1 1 wherein said values obtained from 



6 



a first of said correspondents A selecting a first random integer x and 
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1 said cryptographic Amotions are obtained from a hash of said public information and 

2 said session key K. 

3 

4 15. A method according to claim 1 1 wherein said first correspondent 

s selects a pair of random integers x and t and generates a session key K as f(a) s(0 , and 

6 generates a value r from said first exponentiated function f(a)* (x) which includes a 

7 factor exponentiating said public key pb of said second correspondent B with said 
a random integer t to be of the form p B E(t)a8(x) . 

9 

io 16. A method according to claim 1 5 wherein said first correspondent A 

l i generates a value s from a combination of said random integer x and said private key a 

12 and forwards said value of r and said value of s to said second correspondent B to 

13 permit said second correspondent B to recover said session key K using the private 

14 key b of said second correspondent B. 

15 

16 17. A method according to claim 16 wherein said random integer x and 

17 said private key a are combined to produce s such that s=x-ra mod (p-1)- 

18 

19 18. A method according to claim 17 wherein said cryptographic function F 

20 is a hash of said public information 6 and said session key K. 

21 

22 19. A method according to claim 1 8 wherein said public information 6 is 

23 the public key pA of said first correspondent A. 
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